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WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 
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after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
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3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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DETAILED ACTION 



Continued Examination Under 37 CFR 1.114 



1. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.1 14, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. 



2. Applicant's submission filed on August 24, 2006 has been entered and made of 
record. 



Double Patenting 

The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 
644 (CCPA 1969). 
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A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply 
with 37 CFR 3.73(b). 

3. Amended Claims 1,3,4,6-10,13,14,16,17,19-23,26-28 provisionally rejected on 
the ground of nonstatutory obviousness-type double patenting as being unpatentable 
over amended claims 1,3,5-11,13 and 15-25 of copending Application No. 09/544,795. 
Although the conflicting claims are not identical, they are not patentably distinct from 
each other because the instant case, all elements of claims 1,3,4,6-10,13,14,16,17,19- 
23,26-28 correspond to the claims 1,3,5-11,13 and 15-25 of the copending application 
claims, except in the instant claims " receiving data from a network application program 
interface (API) of a sending client, the data comprising a portion of an event to be sent 
from the sending client to a receiving client: determining if the data is eligible for a 
security operation, wherein eligibility is determined by selector data contained in the 
data:" , is referred in the copending application claims as " receiving a reguest for a ticket 
from a reguesting client, the ticket to include an event summary identifying a set of 
events for which the reguesting client is eligible: ...wherein the hierarchical database 
further comprises a directed acyclic group structure in which clients assigned to a 
particular group are eligible for events assigned to the particular group as well as events 
assigned to all ancestor groups of the particular group . It would have been obvious to 
one having ordinary skill in the art to recognize that "eligibility determined by selector 



Application/Control Number: 09/544,493 Page 4 

Art Unit: 2136 

data contained in the data, is equivalent to " eligible for events assigned to the particular 
group as well as events assigned to all ancestor groups of the particular group" . 

This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 

4. Amended Claims 1,3,4,6-10,13,14,16,17,19-23,26-28 provisionally rejected on 
the ground of nonstatutory obviousness-type double patenting as being unpatentable 
over amended claims 1-8,10-34,39 and 42 - 48 of copending Application No. 
09/544,898. Although the conflicting claims are not identical, they are not patentably 
distinct from each other because the instant case, all elements of claims 1 ,3,4,6- 
10,13,14,16,17,19-23,26-28 correspond to the claims 1-8,10-34,39 and 42 - 48 the 
copending application claims, except in the instant claims " receiving data from a 
network application program interface (API) of a sending client the data comprising a 
portion of an event to be sent from the sending client to a receiving client: determining if 
the data is eligible for a security operation, wherein eligibility is determined by selector 
data contained in the data: applying the security operation to the data if the data is 
eligible, wherein applying the security operation comprises using the security 
association on the at least a portion of the data:" , is referred in the copending 
application claims as " receiving a reguest for a key at a key server, said reguest being 
received from a receiving client, said key to facilitate access to a multicast event by the 
receiving client, wherein the key is a symmetric key that a sending client uses to encrypt 
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the multicast event and the receiving client uses to decrypt the multicast event: 

v 

determining if the receiving client is qualified to receive the key based on a ticket 
previously obtained by the receiving client from a ticket server . It would have been 
obvious to one having ordinary skill in the art to recognize that "applying the security 
operation to the data if the data is eligible, wherein applying the security operation 
comprises using the security association on the at least a portion of the data", is 
equivalent to " a symmetric key that a sending client uses to encrypt the multicast event 
and the receiving client uses to decrypt the multicast event" . 

This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 

Response to Arguments 

3. Applicant's arguments with respect to Claims 1 , 3 and 4 have been fully 
considered but they are not persuasive. Applicant argues that the database 1350 is a 
"database of security associations" and "the database of selector/security association 
pairs is populated by a client when the client access key server 140 and receives keying 
information", provide further support that the database 1350 is local to the client 
(sending or receiving). Examiner disagrees and directs the Applicants attention to 
instant specification Page 21 -22 and in particular, Fig. 13 items 1310 and 1350. As 
disclosed, a security agent 1310 operates between the network API layer 1305 and 
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network protocol layer 1315 and 1310 identifies a corresponding security association 
(for the datagram 1330) in database 1350. Furthermore, Applicant explicitly discloses 
that 1310 operates independent of the network or the application based on 
selector/security associations previously stored in database 1350. The instant 
application does not disclose that the database 1350 is "local sending client database of 
security associations". 

With respect to "receiving client database", the bidirectional arrow between 
elements represent the request/response data flow and contrary to Applicant's 
arguments, disclosure in Pages 20 line 4 through page 23 line 2, the key server (page 
6) located in a separate location and on separate machines (not local to the client). Key 
server maintains a separate database for matching requests for keys to particular 
events and both Fig. 12 and 13 explicitly defines databases used to identify a 
corresponding security association but the corresponding disclosure doest not specify 
"receiving client database" not "local sending client database of security associations". 

Examiner respectfully maintains the rejection and requests amending the claims, in 
particular to include the disclosure in the instant specification pages 20 - 23. 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 
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Amended Claims 1 , 3 and 4 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. 

The amended independent Claim 1 recites, "... creating a selector based on the 
selector data and using said selector to search a local sending client database of 
security..." and "...storing a receiving client database comprising a similar plurality 

With respect to "a local sending client" and "a receiving client database", 
although the specification discloses "A selector is part of a selector/security association 
pair ... .that is to be used by both a sending client and a receiving client to secure 
participation in the corresponding event" (see page 20 lines 18 - 23), the specification 
does not disclose a local sending client database of security and a receiving client 
database. Applicant amendment does not clarify the steps of "a local sending client 
database of security". 

The dependent claims 3 and 4 are rejected at least by virtue of their dependency 
on the dependent claims. 
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4. Regarding Claims 1,3,4,6-10,13,14,16,17 and 19-23, Applicant argues that 
Pensak does not teach "the receiving client storing a receiving client database 
comprising a corresponding plurality of selector/security association pairs received from 
the key server;". This argument is not persuasive. 

Pensak explicitly teaches, "a database comprising corresponding plurality of 
selector/security association pairs" (Column 8 line 63 - Column 9 line 11). Pensak 
discloses that the database can be distributed or shared database residing on multiple 
remote servers and that the database that resides on the client provides a structure for 
associating segment Ids with an associated decryption key, policy associated with a 
segment ID, and options for accessing that segment. Furthermore, Applicant is not 
interpreting the prior art properly. Examiner pointed Pensak teaching in Column 8 line 
64 - Column 9 line 15 to explicitly show that "database sector/security association pairs 
were received from said key server" and not to show that "the decryption keys are 
destroyed prior to the receipt of the next decryption key". In fact, Pensak only discloses 
that only the authorized user can destroy the decryption key or the association of a 
decryption key to a segment or document on the database using the Administrator 
utility. It is well known in the art that only the user with an administrator privilege can 
delete from the secure database. 

Applicant is respectfully requested to apply the Examiner's admitted prior art to 
the Applicant's claimed invention. 
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5. With respect to Claims 1,3,4,6-10,13,14,16,17,19-23,26-28, Applicant argues that 
Pensak does not teach "wherein, for any particular one of said timewise intervals of said 
event having a corresponding selector/security associated pair, the receiving client 
receives said corresponding selector/security association pair from said key server and 
stores said corresponding selector/security association pair in said receiving client 
database prior to receiving said particular one of said timewise intervals of said event". 
This argument is not persuasive. 

Pensak teaches "the user contacts the server independently for authoring, 
viewing and other services; verify the identity of the user; and provide the server with 
user identification information and user authorization profiles" (Column 5 lines 28 - 48), 
wherein, the client receives the selector/security association pair from the key server 
(206) prior to receiving said particular one of said timewise intervals of said event. 

Applicant clearly has failed to explicitly identify specific claim limitations, which 
would define a patentable distinction over prior arts. Therefore, the examiner 
respectfully asserts that cited prior art does teach or suggest the subject matter broadly 
recited in independent Claims 1, 6, 14, 19, 27 and 28. Dependent claims 3, 4, 7 - 10, 
13, 16, 17, 20 - 23 and 26 are also rejected at least by virtue of their dependency on 
independent claims and by other reason set forth in this office action. 

Accordingly, the rejection for the pending Claims 1, 3, 4, 6 - 10, 13, 14, 16, 17, 
19-23 and 26 - 28 is respectfully maintained. 
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Claim Rejections - 35 USC § 102 



The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

6. Claims 1, 3, 4, 6-9, 13, 14, 16, 17, 19 - 22 and 26 - 28 are rejected under 35 
U.S.C. 102(e) as being anticipated by Pensak et al. (U.S. Patent Number 6,289,450). 

7. Regarding Claims 1, 6, 14 and 19, Pensak teaches 

receiving data from a network application program interface (API) of a sending 
client, the data comprising a portion of an event to be sent from the sending client to a 
receiving client (Summary and Column 2 lines 10 - 28); 

determining if the data is eligible for a security operation, wherein eligibility is 
determined by selector data contained in the data(Summary and Column 2 lines 10 - 
28); 

creating a selector based on the selector data and using said selector to search a 
local sending client database of security associations for at least one selector/security 
association pair identifying a security association corresponding to the selector, said 
database storing a plurality of selector/security association pairs received from a key 
server corresponding to different timewise intervals of said event, the receiving client 
storing a receiving client database comprising a similar plurality of selector/security 
association pairs received from said key server (Summary and Column 2 lines 10 - 57); 
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sending the data to which the security operation has been applied to a network 
protocol layer of the sending client (Summary and Column 3 lines 1 0 - 35); 

wherein, for any particular one of said timewise intervals of said event having a 
corresponding selector/security associated pair, the receiving client receives said 
corresponding selector/security association pair from said key server and stores said 
corresponding selector/security association pair in said receiving client database prior to 
receiving said particular one of said timewise intervals of said event (Column 5 lines 28 
-48). 

8. Regarding Claims 27 and 28, Pensak teaches a processing unit to: 

receive a selector/security association pair identifying a security association 

corresponding to succession of time intervals of said event that are relatively short 

compared to said event duration (Summary and Column 2 lines 10 - 28); 

receiving data from a network application program interface (API) of the sending 

client, the data including a portion of the event within one of said timewise 

intervals(Summary and Column 2 lines 10 - 28), 

determine if the data is eligible for a security operation, wherein eligibility is 

determined by selector data contained in the data(Summary and Column 2 lines 10 - 

28), 

create a selector based on the selector data, wherein said selector indicates at 
least one of said selector/security association received from the key server(Summary 
and Column 2 lines 10 - 57); 
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apply the security operation to the data if the data is eligible, wherein applying 
the security operation comprises using the security association on the at least a 
portion of the data(Summary and Column 2 lines 1 0 - 57), and 

send the data to which the security operation has been applied to a network 
protocol layer of the sending client (Summary and Column 3 lines 10 - 35); 

wherein the receiving client stores a receiving client database comprising a 
corresponding plurality of selector/security association pairs received form the key 
server (Column 8 line 64 - Column 9 line 11); and 

wherein, for any particular one of said timewise intervals of said event having a 
corresponding selector/security associated pair, the receiving client receives said 
corresponding selector/security association pair from said key server and stores said 
corresponding selector/security association pair in said receiving client database prior to 
receiving said particular one of said timewise intervals of said event (Column 5 lines 28 
-48). 



9. Claims 8 and 21 are rejected as applied above in rejecting claims 6 and 19. 
Furthermore, Pensak teaches said event to be sent from the sending client to a 
receiving client storing a remote database comprising a corresponding plurality of 
selector/security association pairs respectively corresponding to said different timewise 
intervals of said event, wherein said timewise intervals of said event are relatively short 
compared to an overall duration of said event (Summary and Column 5 line 28 - 
Column 6 line 60). 
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10. Claims 4 and 17 are rejected as applied above in rejecting claims 1 and 14. 
Furthermore, Pensak teaches wherein said timewise intervals of said event are 
relatively short compared to an overall duration of said event, and wherein applying the 
security operation comprises at least one of: attaching a header to the data, said header 
including a security operation tag; and encrypting the data (Summary and Column 5 line 
28 - Column 8 line 6). 

11. Claims 13 and 26 are rejected as applied above in rejecting claims 6 and 19. 
Furthermore, Pensak teaches applying encryption to the data; removing special 
packaging from the data; applying decryption to the data; and performing an integrity 
check on the data (Summary; Column 7 line 59 - Column 8 line 60). 

12. Claim 20 is rejected as applied above in rejecting claim 19. Furthermore, Pensak 
teaches detecting a security operation tag in a header to the data; detecting failure of an 
integrity check (Summary; Column 5 line 50 - Column 6 line 60). 

13. Claims 3 and 16 are rejected as applied above in rejecting claims 2 and 14. 
Furthermore, Pensak teaches selector data is based at least in part on one of an 
internet protocol address taken from the data and a port indicator taken from the data 
(Summary; Column 5 line 50 - Column 6 line 60 and Column 7 line 59 - Column 8 line 
60). 
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14. Claim 7 is rejected as applied above in rejecting claim 6. Furthermore, Pensak 
teaches detecting a security operation tag in a header to the data; performing an 
integrity check (Summary; Column 5 line 50 - Column 6 line 60). 

15. Claims 9 and 22 are rejected as applied above in rejecting claims 8 and 21 . 
Furthermore, Pensak teaches receiving client database selector/security association 
pairs and said sending client data base selector/security association pairs having been 
received from said key server (Summary; Column 5 line 50 - Column 6 line 60 and 
Column 8 line 64 - Column 9 line 15). 

Allowable Subject Matter 

16. Claims 10 and 23 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Conclusion 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the disclosing in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant, in preparing the 
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responses, to fully consider the references in entirety as potentially disclosing all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the examiner. 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO Form 892. 

Applicant is urged to consider the references. However, the references should be 
evaluated by what they suggest to one versed in the art, rather than by their specific 
disclosure. If applicants are aware of any better prior art than those are cited, they are 
required to bring the prior art to the attention of the examiner. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 571- 
272-3866. The examiner can normally be reached on 8:00a.m. To 5:00p.m.. If attempts 
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Nasser Moazzami can be reached on 571-232-4195. Any inquiry of a general nature or 
relating to the status of this application or proceeding should be directed to the 
receptionist whose telephone number is 703-305-3900. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). 
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